[turba] Re: Turba 1.2.2 and ldap

Craig White craigwhite at azapple.com
Mon Mar 21 12:38:43 PST 2005


Let's keep this on the list please...

On Mon, 2005-03-21 at 22:16 +0200, Jānis wrote:
> Quoting Craig White <craigwhite at azapple.com>:
> 

> > If you plan to add entries with objectclasses of person or
> > inetOrgPerson, you MUST have an 'sn' attribute as those objectclasses
> > require it - that is the error you are experiencing above
> >
> > You are free to modify localldap or any ldap item that you create to
> > map/display attributes as needed or desired. In the case of adding
> > entries with the objectclasses above, you need to know that the 'sn'
> > attribute is needed.
> 
> here is the citation of core.shema modified according to the core.shema.patch
> 
> objectclass ( 2.5.6.6 NAME 'person'
>         DESC 'RFC2256: a person'
>         SUP top STRUCTURAL
>         MUST cn
>         MAY ( sn $ userPassword $ telephoneNumber $ seeAlso $ description ) )
> 
> From that I see that sn is optional.
> Regarding modification - can I only change mappings or more?
----
core.schema as supplied by openldap v 2.2.23

objectclass ( 2.5.6.6 NAME 'person'
        DESC 'RFC2256: a person'
        SUP top STRUCTURAL
        MUST ( sn $ cn )
        MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

You wanna use a modified schema? You're on your own - I can't help you
here. Suggest that you go back to the person who is providing you with
this concept.

I tend not to modify the basic structure of things when I don't
understand the reasons why and the implications of doing it. When you
are speaking of modifying core.schema - you are pretty much putting LDAP
under assault - the question becomes why?

As far as what you can change in sources.php - you can pretty much
change whatever you need to in order to adapt to your
setup...flexibility/configurability is one of the greatest strengths of
horde. Understanding the flexibility/configurability - well that's been
something that I've needed to do and I suspect that I am not alone here.
----
> > >
> > > no, personal addressbooks are not under ou=People, but under
> > > personal_addressbook:
> > >
> > > dn: ou=janis,ou=personal_addressbook,dc=dv,dc=lv
> > > ou: janis
> > > objectClass: top
> > > objectClass: organizationalUnit
> > > structuralObjectClass: organizationalUnit
> > >
> > > It should be noted that the only intended function of ldap at the moment is
> > > storage of addrbooks for the use by Horde apps.
> > ----
> > seems rather short-sighted
> >
> > it's gonna make you work harder to 'authenticate' users to LDAP if you
> > don't use LDAP for authentication but since your ACL is 'access to * by
> > * write' - security and authentication have been rendered meaningless
> > anyway.
> 
> it is set as recommended in Patrick Ni paper
> (www.redant.ca/consulting/ldap/turba.php) for temporary use.
----
OK - just briefly glancing through it - he's suggesting a tree called
ou=Hosting,ou=Account,dc=redant,dc=ca as base for user authentication.
probably gonna have to work something like that through in your setup to
get authentication working so you don't have authentication errors
(err=49 - Invalid Credentials)
----
> 
> > anyway, something that I have never played with is an option in
> > sources.php
> >
> >         'charset' => 'utf-8',
> >
> > you might be able to set it to something more to your liking
> 
> can't check because of the Error 49, I can't get authenticated
> ***
----
yeah - you do need to solve the authentication problem. I would suspect
that since LDAP is gonna use UTF-8, that any change in this regard would
convert to/from UTF-8 and your setting but alas being typical American,
I don't have any experience in this.

Craig
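
An added example, not part of the original message or of Turba/OpenLDAP: a small Python check that parses the two `person` definitions quoted in this thread and reports which MUST attributes an entry lacks, showing why an entry accepted under the patched schema is rejected by the stock core.schema. The function names and the sample LDIF entry are constructed for illustration, and the check is simplified (a real server also evaluates superior classes and attribute syntax).

```python
import re

# Stock definition quoted above (core.schema as supplied by openldap v 2.2.23).
STOCK_PERSON = """objectclass ( 2.5.6.6 NAME 'person'
        DESC 'RFC2256: a person'
        SUP top STRUCTURAL
        MUST ( sn $ cn )
        MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )"""

# Patched definition quoted above, where 'sn' was moved from MUST to MAY.
PATCHED_PERSON = """objectclass ( 2.5.6.6 NAME 'person'
        DESC 'RFC2256: a person'
        SUP top STRUCTURAL
        MUST cn
        MAY ( sn $ userPassword $ telephoneNumber $ seeAlso $ description ) )"""

# Constructed sample entry (not from the thread): a contact without 'sn'.
SAMPLE_LDIF = """dn: cn=Example Contact,ou=janis,ou=personal_addressbook,dc=dv,dc=lv
objectClass: top
objectClass: person
cn: Example Contact"""

def parse_objectclass(definition):
    """Return (name, must_set, may_set) with attribute names lowercased."""
    name = re.search(r"NAME\s+'([^']+)'", definition).group(1)

    def attrs(keyword):
        # Accepts both 'MUST ( a $ b )' and the single-attribute form 'MUST a'.
        m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w;-]+))" % keyword, definition)
        if not m:
            return set()
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        return {a.strip().lower() for a in raw.split("$") if a.strip()}

    return name, attrs("MUST"), attrs("MAY")

def parse_ldif_entry(ldif):
    """Parse one simple LDIF entry (no base64 values, no continuation lines)."""
    entry = {}
    for line in ldif.strip().splitlines():
        key, _, value = line.partition(":")
        entry.setdefault(key.strip().lower(), []).append(value.strip())
    return entry

def missing_required(entry, definition):
    """List MUST attributes absent from an entry that claims the object class."""
    name, must, _ = parse_objectclass(definition)
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if name.lower() not in classes:
        return []
    return sorted(must - set(entry))
```

Running `missing_required(parse_ldif_entry(SAMPLE_LDIF), STOCK_PERSON)` reports `sn` as missing, while the same entry passes against `PATCHED_PERSON`.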


